CVE-2021-30213

Name of the Vulnerable Software and Affected Versions Knowage Suite version 7.3

Description The issue concerns unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in "/servlet/AdapterHTTP" via the targetService parameter.

Recommendations For Knowage Suite version 7.3, consider disabling access to the "/servlet/AdapterHTTP" endpoint until a patch is available, and restrict the use of the targetService parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.